ID de Prueba:	1.3.6.1.4.1.25623.1.1.2.2019.2218
Categoría:	Huawei EulerOS Local Security Checks
Título:	Huawei EulerOS: Security Advisory for openssl110h (EulerOS-SA-2019-2218)
Resumen:	The remote host is missing an update for the Huawei EulerOS 'openssl110h' package(s) announced via the EulerOS-SA-2019-2218 advisory.
Descripción:	Summary: The remote host is missing an update for the Huawei EulerOS 'openssl110h' package(s) announced via the EulerOS-SA-2019-2218 advisory. Vulnerability Insight: The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).(CVE-2018-0734) Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used.(CVE-2019-1547) In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt.(CVE-2019-1563) Affected Software/OS: 'openssl110h' package(s) on Huawei EulerOS V2.0SP5. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-0734 BugTraq ID: 105758 http://www.securityfocus.com/bid/105758 Debian Security Information: DSA-4348 (Google Search) https://www.debian.org/security/2018/dsa-4348 Debian Security Information: DSA-4355 (Google Search) https://www.debian.org/security/2018/dsa-4355 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/ https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/security-alerts/cpujan2020.html https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html RedHat Security Advisories: RHSA-2019:2304 https://access.redhat.com/errata/RHSA-2019:2304 RedHat Security Advisories: RHSA-2019:3700 https://access.redhat.com/errata/RHSA-2019:3700 RedHat Security Advisories: RHSA-2019:3932 https://access.redhat.com/errata/RHSA-2019:3932 RedHat Security Advisories: RHSA-2019:3933 https://access.redhat.com/errata/RHSA-2019:3933 RedHat Security Advisories: RHSA-2019:3935 https://access.redhat.com/errata/RHSA-2019:3935 SuSE Security Announcement: openSUSE-SU-2019:1547 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html SuSE Security Announcement: openSUSE-SU-2019:1814 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html https://usn.ubuntu.com/3840-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-1547 Bugtraq: 20190912 [slackware-security] openssl (SSA:2019-254-03) (Google Search) https://seclists.org/bugtraq/2019/Sep/25 Bugtraq: 20191001 [SECURITY] [DSA 4539-1] openssl security update (Google Search) https://seclists.org/bugtraq/2019/Oct/1 Bugtraq: 20191001 [SECURITY] [DSA 4540-1] openssl1.0 security update (Google Search) https://seclists.org/bugtraq/2019/Oct/0 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a https://security.netapp.com/advisory/ntap-20190919-0002/ https://security.netapp.com/advisory/ntap-20200122-0002/ https://security.netapp.com/advisory/ntap-20200416-0003/ https://support.f5.com/csp/article/K73422160?utm_source=f5support&utm_medium=RSS https://www.openssl.org/news/secadv/20190910.txt https://www.tenable.com/security/tns-2019-08 https://www.tenable.com/security/tns-2019-09 Debian Security Information: DSA-4539 (Google Search) https://www.debian.org/security/2019/dsa-4539 Debian Security Information: DSA-4540 (Google Search) https://www.debian.org/security/2019/dsa-4540 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/ https://security.gentoo.org/glsa/201911-04 http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html https://arxiv.org/abs/1909.01785 https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/security-alerts/cpuoct2020.html https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html SuSE Security Announcement: openSUSE-SU-2019:2158 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html SuSE Security Announcement: openSUSE-SU-2019:2189 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html SuSE Security Announcement: openSUSE-SU-2019:2268 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html SuSE Security Announcement: openSUSE-SU-2019:2269 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html https://usn.ubuntu.com/4376-1/ https://usn.ubuntu.com/4376-2/ https://usn.ubuntu.com/4504-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-1563 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f https://support.f5.com/csp/article/K97324400?utm_source=f5support&utm_medium=RSS
Copyright	Copyright (C) 2020 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.